HAVE QUESTIONS?

SecuritySpecialists

Problem

Controlling the security of critical objects where business
data is processed is, unfortunately, frequently left beyond
the scope of the CISO's authority, thereby affecting the
security control that most critical objects demand. This
example explains why security is crucial, yet neglected.
Security is most neglected during project deployment especially if the system
owner is part of the Senior Management and strict project deadlines have to be
adhered to. Needless to say, even if the need for SAP security measures is
recognized, inappropriate or lacking resources and information regarding SAP
systems often lead to misconfiguration issues.

SAP security assessment and monitoring is a completely different ballgame compared to other applications such as mail server or domain controller. It demands seamless attention if it has to function and protect information as expected by a business. It is also inherently complex when it comes to enabling and maintaining security, especially since it is highly customizable along with its list of parameters available even in a default configuration. The complexity is amplified by the fact that almost every new SAP vulnerability is traditionally solved by installing an additional option with its own set of parameters, which usually leads to new and complex relations between settings. These complicate pre-existent settings and their functions, often forcing SAP specialists to work through a long list of manuals to rectify and get the system working.

Hence, the demand for SAP security specialists is huge and continues to grow. Regrettably, since the technical side of SAP security is immense, hiring the right candidate for the job is a task. Jobs such as creation of new accounts and segregation of duties can be handled, unlike user passwords, settings that are commonly left in the default state, or software vulnerabilities.

Solution

ERPScan allows for a complete 360° view of SAP systems security. It resolves the issues related to Vulnerability Management, Source Code Vulnerabilities and Backdoors, Access Control along with Segregation of Duties. The idea focuses on creating a tool that CISOs could use to control SAP landscapes and "translate" certain specific SAP problems from their default SAP language to a much more understandable Security language.

Share access to ERPScan console with other teams such as SAP Basis, Risk Management, or Penetration Testers;

Decrease education expenses by using the world-largest knowledge base compiled by information security professional and SAP experts. This allows for easy understanding of found security issues along with remediation steps so that even inexperienced SAP professionals can infer to them;